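$today = date("Y-m-d H:i:s");
// Site-wide settings used throughout the page.
define('BASEURL', 'http://localhost:3000/');
define('DOMAIN', '.localhost:8888');
// Request timestamp (server local time), frozen for the whole page render.
define("NOW", "" . $today . "");

// Undo magic_quotes_gpc escaping (PHP <= 5.3) on the request superglobals.
// The helper is always declared (guarded against an earlier declaration) so
// later code can call it whether or not the ini flag was on.
if (!function_exists('strip_array')) {
    /**
     * Recursively stripslashes() a string or a nested array of strings.
     *
     * @param mixed $var request value (string or array)
     * @return mixed same shape with one level of backslash escaping removed
     */
    function strip_array($var)
    {
        return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
    }
}
// get_magic_quotes_gpc() was removed in PHP 8.0, so probe for it first.
// Only GET/POST/COOKIE (and $_REQUEST, which is built from them) were ever
// escaped by magic quotes. $_SESSION was not: stripping it corrupted stored
// values that legitimately contained backslashes, so it is no longer touched.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_POST = strip_array($_POST);
    $_GET = strip_array($_GET);
    $_REQUEST = strip_array($_REQUEST);
    $_COOKIE = strip_array($_COOKIE);
}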
// Connect to the glorious database
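/**
 * Return the process-wide mysqli connection, opening it on first use.
 *
 * Credentials are read from config.ini (keys: username, password, database);
 * the host is hard-coded to localhost. The result is memoised in a static, so
 * a failed attempt is not retried within the same request.
 *
 * @return mysqli|string the live connection, or an error message string when
 *         config.ini could not be read or the connection failed. Callers must
 *         check is_string() before using the result as a connection.
 */
function db()
{
    static $connection;
    static $failure;
    if (!isset($connection)) {
        $db = parse_ini_file('config.ini');
        // An unreadable/incomplete ini used to fall through to
        // mysqli_connect() with null credentials (plus undefined-index
        // notices); report it as a failure instead.
        if ($db === false || !isset($db['username'], $db['password'], $db['database'])) {
            $connection = false;
            $failure = 'config.ini is missing or lacks username/password/database';
        } else {
            $connection = mysqli_connect('localhost', $db['username'], $db['password'], $db['database']);
            if ($connection === false) {
                // Capture the message now; mysqli_connect_error() only reports
                // the most recent connect attempt process-wide.
                $failure = mysqli_connect_error();
            }
        }
    }
    if ($connection === false) {
        return $failure;
    }
    return $connection;
}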
// Now a few shorthand functions to talk with the database
 *  Copyright (c) 2010-2014 Tinyboard Development Group
 */
require 'inc/functions.php';
require 'inc/mod/pages.php';
require 'inc/mod/auth.php';
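if ($config['debug']) {
    // Wall-clock start used for the debug "parsed in N s" figure.
    $parse_start_time = microtime(true);
}
// Fix for magic quotes: undo the backslash escaping PHP <= 5.3 applied to
// request data when magic_quotes_gpc was on. The helper is declared
// unconditionally (guarded against an earlier declaration) so later code can
// rely on it; the stripping itself only runs when the ini flag is really on.
if (!function_exists('strip_array')) {
    /**
     * Recursively stripslashes() a string or a nested array of strings.
     *
     * @param mixed $var request value (string or array)
     * @return mixed same shape with one level of backslash escaping removed
     */
    function strip_array($var)
    {
        return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
    }
}
// get_magic_quotes_gpc() was removed in PHP 8.0; calling it there is fatal.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET = strip_array($_GET);
    $_POST = strip_array($_POST);
}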
// The raw query string is the routing key (mod.php?/path/...), percent-decoded once
// before it is matched against the table below.
$query = isset($_SERVER['QUERY_STRING']) ? rawurldecode($_SERVER['QUERY_STRING']) : '';
// Route table: regex fragment => handler name. A 'secure ' / 'secure_POST ' prefix
// marks handlers that get extra protection downstream (the 'secure ' prefix is what
// the loop after this table tests for; the effect itself is outside this excerpt).
// '%b' looks like a placeholder for the board-name pattern — presumably expanded by
// that same loop; verify against it. The last three entries are built from $config
// values, hence preg_quote() with '!' as the delimiter and '%d' turned into a
// page-number capture.
$pages = array('' => ':?/', '/' => 'dashboard', '/confirm/(.+)' => 'confirm', '/logout' => 'secure logout', '/users' => 'users', '/users/(\\d+)/(promote|demote)' => 'secure user_promote', '/users/(\\d+)' => 'secure_POST user', '/users/new' => 'secure_POST user_new', '/new_PM/([^/]+)' => 'secure_POST new_pm', '/PM/(\\d+)(/reply)?' => 'pm', '/inbox' => 'inbox', '/log' => 'log', '/log/(\\d+)' => 'log', '/log:([^/]+)' => 'user_log', '/log:([^/]+)/(\\d+)' => 'user_log', '/news' => 'secure_POST news', '/news/(\\d+)' => 'secure_POST news', '/news/delete/(\\d+)' => 'secure news_delete', '/noticeboard' => 'secure_POST noticeboard', '/noticeboard/(\\d+)' => 'secure_POST noticeboard', '/noticeboard/delete/(\\d+)' => 'secure noticeboard_delete', '/edit/(\\%b)' => 'secure_POST edit_board', '/new-board' => 'secure_POST new_board', '/rebuild' => 'secure_POST rebuild', '/reports' => 'reports', '/reports/(\\d+)/dismiss(all)?' => 'secure report_dismiss', '/IP/([\\w.:]+)' => 'secure_POST ip', '/IP/([\\w.:]+)/remove_note/(\\d+)' => 'secure ip_remove_note', '/ban' => 'secure_POST ban', '/bans' => 'secure_POST bans', '/bans/(\\d+)' => 'secure_POST bans', '/ban-appeals' => 'secure_POST ban_appeals', '/search' => 'search_redirect', '/search/(posts|IP_notes|bans|log)/(.+)/(\\d+)' => 'search', '/search/(posts|IP_notes|bans|log)/(.+)' => 'search', '/(\\%b)/ban(&delete)?/(\\d+)' => 'secure_POST ban_post', '/(\\%b)/move/(\\d+)' => 'secure_POST move', '/(\\%b)/edit(_raw)?/(\\d+)' => 'secure_POST edit_post', '/(\\%b)/delete/(\\d+)' => 'secure delete', '/(\\%b)/deletefile/(\\d+)' => 'secure deletefile', '/(\\%b+)/spoiler/(\\d+)' => 'secure spoiler_image', '/(\\%b)/deletebyip/(\\d+)(/global)?' 
=> 'secure deletebyip', '/(\\%b)/(un)?lock/(\\d+)' => 'secure lock', '/(\\%b)/(un)?sticky/(\\d+)' => 'secure sticky', '/(\\%b)/bump(un)?lock/(\\d+)' => 'secure bumplock', '/themes' => 'themes_list', '/themes/(\\w+)' => 'secure_POST theme_configure', '/themes/(\\w+)/rebuild' => 'secure theme_rebuild', '/themes/(\\w+)/uninstall' => 'secure theme_uninstall', '/config' => 'secure_POST config', '/config/(\\%b)' => 'secure_POST config', '/debug/antispam' => 'debug_antispam', '/debug/recent' => 'debug_recent_posts', '/debug/apc' => 'debug_apc', '/debug/sql' => 'secure_POST debug_sql', '/(\\%b)/' => 'view_board', '/(\\%b)/' . preg_quote($config['file_index'], '!') => 'view_board', '/(\\%b)/' . str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '!')) => 'view_board', '/(\\%b)/' . preg_quote($config['dir']['res'], '!') . str_replace('%d', '(\\d+)', preg_quote($config['file_page'], '!')) => 'view_thread');
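/**
 * Decide whether a `?status=...&r=...` redirect target may be echoed into a
 * Location header. Only same-origin targets are allowed: a relative path, or
 * an absolute URL whose host matches the request's Host header. Anything else
 * (other hosts, network-path references like "//host" or "/\host", non-HTTP
 * schemes such as javascript:) would turn this endpoint into an open redirect.
 *
 * @param mixed $target the raw $_GET['r'] value
 * @return bool true when the target is safe to redirect to
 */
function mod_redirect_target_allowed($target)
{
    if (!is_string($target) || $target === '') {
        return false;
    }
    $scheme = parse_url($target, PHP_URL_SCHEME);
    $host = parse_url($target, PHP_URL_HOST);
    if ($scheme === null && $host === null) {
        // Relative reference. Browsers resolve "//host" and "/\host" to a
        // different origin, so refuse those (leading whitespace is ignored by
        // browsers, hence the \s*).
        return !preg_match('~^\s*[/\\\\]{2}~', $target);
    }
    if (!is_string($host) || !isset($_SERVER['HTTP_HOST'])) {
        // parse_url() failed, a scheme without a host (javascript:, mailto:),
        // or no Host header to compare against.
        return false;
    }
    // Normalise HTTP_HOST the same way parse_url() normalises $target's host
    // (drops any :port, keeps IPv6 brackets).
    $own_host = parse_url('//' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
    return is_string($own_host) && strcasecmp($host, $own_host) === 0;
}

if (!$mod) {
    // Not logged in: every request, whatever the path, routes to the login page.
    $pages = array('!^(.+)?$!' => 'login');
} elseif (isset($_GET['status'], $_GET['r']) && mod_redirect_target_allowed($_GET['r'])) {
    // Redirect helper: ?status=<code>&r=<target>. Off-origin targets are not
    // honoured (the request then falls through to normal routing), because
    // echoing $_GET['r'] into Location unchecked is an open redirect.
    header('Location: ' . $_GET['r'], true, (int) $_GET['status']);
    exit;
}
if (isset($config['mod']['custom_pages'])) {
    // Site-specific routes from the config extend/override the built-in table.
    $pages = array_merge($pages, $config['mod']['custom_pages']);
}
$new_pages = array();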
foreach ($pages as $key => $callback) {
    if (is_string($callback) && preg_match('/^secure /', $callback)) {
<?php

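// Undo magic_quotes_gpc escaping (PHP <= 5.3) on the request superglobals.
// The helper is always declared (guarded against an earlier declaration) so
// later code can call it whether or not the ini flag was on.
if (!function_exists('strip_array')) {
    /**
     * Recursively stripslashes() a string or a nested array of strings.
     *
     * @param mixed $var request value (string or array)
     * @return mixed same shape with one level of backslash escaping removed
     */
    function strip_array($var)
    {
        return is_array($var) ? array_map("strip_array", $var) : stripslashes($var);
    }
}
// get_magic_quotes_gpc() was removed in PHP 8.0, so probe for it first.
// Magic quotes only ever escaped GET/POST/COOKIE; $_SESSION was not escaped,
// and stripping it corrupted stored values containing backslashes (and, before
// session_start(), replaced the unset superglobal with an empty string), so it
// is no longer touched.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_POST = strip_array($_POST);
    $_GET = strip_array($_GET);
}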
/**
 * Router
 */
function route($table)
{
    $path = $_SERVER['REQUEST_URI'];
    $q_pos = strpos($path, '?');
    if ($q_pos !== false) {
        $path = substr($path, 0, $q_pos);
    }
    $segments = explode('/', trim($path, ' /'));
    $possibilities = array();
    foreach ($table as $route => $handler) {
        $parts = preg_split('/\\s+/', $route);
        $method = $parts[0];
        if ($method !== $_SERVER['REQUEST_METHOD']) {
            continue;
        }
        $path = $parts[1];
        $path = preg_replace('%//+%', '/', $path);
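// Every field the category requires must be present and valid; the error
// text for each failing field is appended to $requirederror.
while ($db = mysql_fetch_array($query)) {
    // The keys were bare words (name, catid): undefined constants, which are
    // a fatal Error on PHP 8 and a notice + implicit string on older versions.
    $fieldname = (string) $db['name'];
    // Absent fields are passed as null (as before) but without the
    // undefined-index notice.
    $catid = isset($in['catid']) ? $in['catid'] : null;
    $fieldvalue = isset($in[$fieldname]) ? $in[$fieldname] : null;
    $requirederror .= adfieldinputcheck($catid, $fieldname, $fieldvalue);
}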
if (!$in[location] || !$in[header] || !$in[text] || $requirederror) {
    died($error[14]);
} else {
    if (isbanned($_SESSION[suserid])) {
        $error = rawurlencode($error[27]);
        header(headerstr("classified.php?status=6&errormessage={$error}"));
        exit;
    }
    if (strlen($in['text']) < $limit["0"] || strlen($in['text']) > $limit["1"]) {
        died("Sorry, your text has to be between {$limit['0']} and {$limit['1']} characters.");
    }
    $in = strip_array($in);
    $in[text] = encode_msg($in[text]);
    if ($in[icon1] == "on") {
        $in[icon1] = 1;
    } else {
        $in[icon1] = 0;
    }
    if ($in[icon2] == "on") {
        $in[icon2] = 1;
    } else {
        $in[icon2] = 0;
    }
    if ($in[icon3] == "on") {
        $in[icon3] = 1;
    } else {
        $in[icon3] = 0;
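/**
 * Validate the moderator session cookie and, on success, set global $mod.
 *
 * Reads the cookie named $config['cookies']['mod'], expected to be
 * "username:hash:salt", looks the username up in the ``mods`` table and
 * recomputes the hash with mkhash() from the stored password hash and the
 * cookie's salt. A malformed cookie, an unknown username or a hash mismatch
 * clears the cookies (destroyCookies()), optionally renders the login page,
 * and ends the request. With no cookie at all $mod is left untouched.
 *
 * Afterwards (cookie or not) the magic-quotes fix-up of $_GET/$_POST runs, as
 * it did originally. The unused local $parse_start_time has been dropped.
 *
 * @param bool $prompt when true, show the login form (mod_login()) before exiting on failure
 * @return void
 */
function check_login($prompt = false)
{
    global $config, $mod;
    if (isset($_COOKIE[$config['cookies']['mod']])) {
        // Expected layout: username:hash:salt
        $cookie = explode(':', $_COOKIE[$config['cookies']['mod']]);
        if (count($cookie) != 3) {
            check_login_reject($prompt); // malformed cookie
        }
        $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
        $query->bindValue(':username', $cookie[0]);
        $query->execute() or error(db_error($query));
        $user = $query->fetch(PDO::FETCH_ASSOC);
        if ($user === false) {
            // Unknown username. Previously this fell through to mkhash() with a
            // null password instead of being rejected outright.
            check_login_reject($prompt);
        }
        // Constant-time comparison: a plain !== leaks the matching prefix
        // length through timing.
        $expected = (string) mkhash($cookie[0], $user['password'], $cookie[2]);
        if (!hash_equals($expected, (string) $cookie[1])) {
            check_login_reject($prompt); // forged or stale cookie
        }
        $mod = array(
            'id' => $user['id'],
            'type' => $user['type'],
            'username' => $cookie[0],
            'boards' => explode(',', $user['boards']),
        );
    }
    // Fix for magic quotes (PHP <= 5.3). get_magic_quotes_gpc() is gone in
    // PHP 8, and the helper must not be redeclared when check_login() is
    // called a second time.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        if (!function_exists('strip_array')) {
            function strip_array($var)
            {
                return is_array($var) ? array_map('strip_array', $var) : stripslashes($var);
            }
        }
        $_GET = strip_array($_GET);
        $_POST = strip_array($_POST);
    }
}

/**
 * Shared failure path for check_login(): drop the session cookies, show the
 * login form when $prompt is set, and stop the request.
 *
 * @param bool $prompt render mod_login() before exiting
 * @return void never returns; calls exit
 */
function check_login_reject($prompt)
{
    destroyCookies();
    if ($prompt) {
        mod_login();
    }
    exit;
}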
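/**
 * Undo magic_quotes_gpc escaping on $_GET, $_POST and $_COOKIE.
 *
 * Safe to call more than once: the nested strip_array() helper is only
 * declared when no function of that name exists yet (the original declared
 * it unconditionally, so a second call died with "Cannot redeclare").
 * get_magic_quotes_gpc() no longer exists on PHP 8, so it is probed first;
 * there nothing was escaped and nothing is stripped.
 *
 * @return void
 */
function undo_magic_quotes()
{
    if (!function_exists('strip_array')) {
        /**
         * Recursively stripslashes() a string or a nested array of strings.
         * stripslashes() also covers the magic_quotes_sybase escaping style.
         *
         * @param mixed $var request value (string or array)
         * @return mixed same shape with one level of escaping removed
         */
        function strip_array($var)
        {
            if (is_array($var)) {
                return array_map("strip_array", $var);
            }
            return stripslashes($var);
        }
    }
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return;
    }
    if (isset($_GET)) {
        $_GET = strip_array($_GET);
    }
    if (isset($_POST)) {
        $_POST = strip_array($_POST);
    }
    if (isset($_COOKIE)) {
        $_COOKIE = strip_array($_COOKIE);
    }
}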